Export limit exceeded: 353908 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (353908 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-42999 | 1 Openstack | 1 Keystone | 2026-05-28 | 6 Medium |
| An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforce_call unconditionally merges the raw JSON request body into the policy enforcement dictionary via policy_dict.update(json_input.copy()), overwriting trusted target data that was previously set from database lookups. Because flask.request.get_json is called with force=True, this works regardless of Content-Type or HTTP method. Any authenticated user can inject arbitrary policy target attributes (e.g., user_id, project_id) into the request body to bypass RBAC checks and perform unauthorized operations on resources belonging to other users or projects. This was introduced in commit 5ea59f52 (Rocky/14.0.0). | ||||
| CVE-2026-42400 | 2026-05-28 | 6.5 Medium | ||
| Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user can send a specially crafted compressed request payload that is processed prior to authorization checks, causing excessive memory and CPU resource consumption that can result in a Kibana instance becoming unresponsive or crashing. | ||||
| CVE-2021-22897 | 5 Haxx, Netapp, Oracle and 2 more | 30 Curl, Cloud Backup, H300e and 27 more | 2026-05-28 | 5.3 Medium |
| curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly. | ||||
| CVE-2026-43000 | 1 Openstack | 1 Keystone | 2026-05-28 | 6 Medium |
| An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token carries the victim's identity, which passes the trustor validation check. Keystone then validates the delegated roles against the victim's actual role assignments in the database, not the roles on the requesting token. This allows the attacker to create a trust delegating the victim's admin role to themselves. The trust persists independently, and additional trusts and application credentials can be created to maintain access. All actions are logged under the victim's identity. | ||||
| CVE-2026-48897 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-05-28 | 7.5 High |
| Insufficient state checks lead to a vector that allows to bypass 2FA checks. | ||||
| CVE-2021-31944 | 1 Microsoft | 1 3d Viewer | 2026-05-28 | 5 Medium |
| 3D Viewer Information Disclosure Vulnerability | ||||
| CVE-2021-31942 | 1 Microsoft | 1 3d Viewer | 2026-05-28 | 7.8 High |
| 3D Viewer Remote Code Execution Vulnerability | ||||
| CVE-2021-28465 | 1 Microsoft | 1 Web Media Extensions | 2026-05-28 | 7.8 High |
| Web Media Extensions Remote Code Execution Vulnerability | ||||
| CVE-2026-32847 | 2026-05-28 | 7.5 High | ||
| DeepCode through commit c991dc2 contains a path traversal vulnerability in the SPA catch-all route in new_ui/backend/main.py that allows unauthenticated attackers to read arbitrary files by supplying percent-encoded path segments to the GET /{full_path:path} endpoint. Attackers can bypass Starlette's path normalization by encoding slashes as %2F and dots as %2E%2E, causing the joined path to traverse outside FRONTEND_DIST and exposing sensitive files such as SSH private keys, TLS certificates, and application secrets with a single HTTP request. | ||||
| CVE-2021-28464 | 1 Microsoft | 1 Vp9 Video Extensions | 2026-05-28 | 7.8 High |
| VP9 Video Extensions Remote Code Execution Vulnerability | ||||
| CVE-2026-48901 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-05-28 | 7.5 High |
| The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key. | ||||
| CVE-2026-45021 | 1 Kumahq | 1 Kuma | 2026-05-28 | N/A |
| Kuma is a modern Envoy-based service mesh that can run on every cloud across both Kubernetes and VMs. Prior to 2.7.25, 2.9.15, 2.11.13, 2.12.10, and 2.13.5, the default kuma-cp config leaks the admin bootstrap token and signing keys to any webpage the operator visits while the control plane is reachable from their browser. CorsAllowedDomains: [".*"] reflects any Origin, and LocalhostIsAdmin: true promotes requests from 127.0.0.1 to mesh-system:admin. A cross-origin fetch() from a malicious page returns the admin JWT and signing material. This vulnerability is fixed in 2.7.25, 2.9.15, 2.11.13, 2.12.10, and 2.13.5. | ||||
| CVE-2021-1721 | 2 Microsoft, Redhat | 7 .net, .net Core, Powershell Core and 4 more | 2026-05-28 | 6.5 Medium |
| .NET Core and Visual Studio Denial of Service Vulnerability | ||||
| CVE-2026-38703 | 2026-05-28 | 9.8 Critical | ||
| A command injection vulnerability exists in the ZeroTier VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices. | ||||
| CVE-2026-38704 | 2026-05-28 | 9.8 Critical | ||
| A command injection vulnerability exists in the WireGuard VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices. | ||||
| CVE-2026-47676 | 2026-05-28 | 5.3 Medium | ||
| Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, app.mount() strips the mount prefix from the incoming request path using the raw URL pathname, while route matching is performed against the percent-decoded path. This inconsistency causes the prefix to be stripped at the wrong position when the path contains percent-encoded multi-byte characters, resulting in the mounted sub-application receiving an incorrect path. This vulnerability is fixed in 4.12.21. | ||||
| CVE-2026-44466 | 1 Zed-industries | 1 Zed | 2026-05-28 | 8.6 High |
| Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash arithmetic expansion $((...)), allowing execution of arbitrary commands nested inside an allowlisted command like echo. This vulnerability is fixed in 0.229.0. | ||||
| CVE-2026-34126 | 2026-05-28 | N/A | ||
| TP-Link has identified a vulnerability in Tapo L535E v1.0 and v3.0, Tapo P300 v1.0, and Tapo D100C v1.0, where Bluetooth communication during the initial setup phase is transmitted in cleartext without encryption. Bluetooth is only used during initialization. An attacker within the Bluetooth range could exploit this behavior using Bluetooth sniffing or man-in-the-middle techniques, which may allow eavesdropping on Bluetooth communication, manipulate transmitted setup data and potentially gain unauthorized control of the device during initialization. An attacker within the Bluetooth range could exploit this behavior using Bluetooth sniffing or man-in-the-middle techniques, which may allow eavesdropping on Bluetooth communication, manipulate transmitted setup data and potentially gain unauthorized control of the device during initialization. D100C is the chime delivered with your Tapo camera, and it is delivered with the following Tapo products: D130, D210, D235, D225, TD21, TDB21 and TD25 | ||||
| CVE-2026-45297 | 1 Openreplay | 1 Openreplay | 2026-05-28 | N/A |
| OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, there is a cross-tenant IDOR on feature-flag and assist-stats routes via {project_id} case mismatch. ProjectAuthorizer.__call__ (OSS api/auth/auth_project.py:14-38 and EE ee/api/auth/auth_project.py:14-46) only runs projects.is_authorized(project_id, tenant_id, user_id) + projects.get_project(tenant_id, project_id) when self.project_identifier == "projectId" (camelCase). For EE multi-tenant, feature-flag queries only filter on project_id, never tenant_id. Any authenticated user in tenant A can read/update/delete feature-flag rows belonging to tenant B by iterating the sequential integer project_id + feature_flag_id. OSS is single-tenant by design ({"errors":["tenants already registered"]} on second signup) so there's no cross-tenant impact This vulnerability is fixed in 1.26.0. | ||||
| CVE-2026-44796 | 1 Nautobot | 1 Nautobot | 2026-05-28 | 6.5 Medium |
| Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints (for example, /dcim/interfaces/rename/) were vulnerable to application-wide denial of service via maliciously crafted regular expressions in the find field in combination with the use_regex flag. This vulnerability is fixed in 2.4.33 and 3.1.2. | ||||